0cb77fcaae2d6ba1681390ca0891a8db29e27534026344f3d102dba4eeae95cc | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

0cb77fcaae...cc.exe

windows7-x64

8

0cb77fcaae...cc.exe

windows10-2004-x64

8

Sharing

General

Target

0cb77fcaae2d6ba1681390ca0891a8db29e27534026344f3d102dba4eeae95cc
Size

935KB
Sample

221125-tqw9jaae32
MD5

243dab2eca215f326fa3657b4d7158b4
SHA1

73dc52ea1d14467236dac06227e94c9240533234
SHA256

0cb77fcaae2d6ba1681390ca0891a8db29e27534026344f3d102dba4eeae95cc
SHA512

af00a9797a38ab86f25313b69233d89778b615fac0ca6b1879def3adb5063e60a81dd33af5551729863f703cc46bcf4aa47e63329d31a7cb9bcf90be5d968f76
SSDEEP

12288:J5Yr15f753d5QWIDz/Wz9NCyzHinLipNDJ5eoFb0OZ/WiGaks+HL63S27x4:JyHv5Z+Wzv7AiBll0OBWi6si9G

Score

8^/10

upx

Static task

static1

Behavioral task

behavioral1

Sample

0cb77fcaae2d6ba1681390ca0891a8db29e27534026344f3d102dba4eeae95cc.exe

Resource

win7-20221111-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

0cb77fcaae2d6ba1681390ca0891a8db29e27534026344f3d102dba4eeae95cc.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  0cb77fcaae2d6ba1681390ca0891a8db29e27534026344f3d102dba4eeae95cc
- Size
  
  935KB
- MD5
  
  243dab2eca215f326fa3657b4d7158b4
- SHA1
  
  73dc52ea1d14467236dac06227e94c9240533234
- SHA256
  
  0cb77fcaae2d6ba1681390ca0891a8db29e27534026344f3d102dba4eeae95cc
- SHA512
  
  af00a9797a38ab86f25313b69233d89778b615fac0ca6b1879def3adb5063e60a81dd33af5551729863f703cc46bcf4aa47e63329d31a7cb9bcf90be5d968f76
- SSDEEP
  
  12288:J5Yr15f753d5QWIDz/Wz9NCyzHinLipNDJ5eoFb0OZ/WiGaks+HL63S27x4:JyHv5Z+Wzv7AiBll0OBWi6si9G
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy